Board of Advisers

Our exclusive board of advisers guides this site’s coverage of security, fraud, privacy, risk management
and other key issues. These experts provide input about the latest hot topics and contribute insight for news
coverage, podcast interviews and guest blogs. They regularly offer expert advice about regulatory compliance and the
current threat landscape, as well as provide insights about risk management strategies and security technologies.

Buse previously served as the manager of information technology audits for the Minnesota Office of the Legislative Auditor. During his 19 years as an auditor, Buse oversaw IT audit work conducted on large government computer systems. He serves on the board and is past president of the Minnesota chapter of the Information Systems Audit and Control Association. Buse received his bachelor's degree in accounting from St. Cloud State University and holds a number of accounting, auditing and IT security certifications.

Cappelli is director, insider risk management, at Rockwell Automation. She is responsible for design and execution of Rockwell's insider risk management program to deter, detect and respond to malicious insider activity across the global enterprise while protecting privacy and civil liberties of employees. Cappelli joined Rockwell from Carnegie Mellon University where she was founder and director of the CERT Insider Threat Center. She is recognized as one of the world's leaders in insider threat mitigation, and has worked with government and industry leaders on national strategy issues.

As head of the Cyber Challenge, Evans oversees an organization focused on searching for talent to strengthen the cybersecurity workforce in and out of government. Evans previously served as the federal government's de facto chief information officer - officially, administrator for information technology and e-government in the White House Office of Management and Budget - overseeing $70 billion-plus in federal government spending on IT. Earlier, she served as chief information officer at the Department of Energy.

Melissa E. Hathaway, led President Obama's Cyberspace Policy Review and helped develop cybersecurity policy for President George W. Bush.

Hathaway was named the Acting Senior Director for Cyberspace for the National Security and Homeland Security Councils on February 9, 2009, and placed in charge of an inter-agency review of the plan, programs, and activities underway throughout the government dedicated to cyber security.

Prior to that, Hathaway served as Senior Advisor to the Director of National Intelligence (DNI) and Cyber Coordination Executive. She chaired the National Cyber Study Group (NCSG). In her role at the NCSG, she contributed to the development of the Comprehensive National Cybersecurity Initiative (CNCI). Hathaway was appointed the Director of the Joint Interagency Cyber Task Force in January 2008.

Harkins is responsible for all aspects of information risk and security at Cylance as well as public policy and customer outreach to help improve understanding of cyber risks. He spent 23 years with Intel, most recently as its first Chief Security and Privacy Officer. In this role, he was responsible for managing the risk, controls, privacy, security and other related compliance activities for all of Intel's information assets, products and services. Before becoming Intel's first CSPO, he was the chief information security officer (CISO), reporting to the chief information officer. Harkins also held roles in finance, procurement and various business operations.

As CISO and chair of the Nevada State IT Security Committee, Ipsen has developed a four-step model to transform government and safeguard digital assets. Ipsen also is a member of the Nevada Commission on Homeland Security and the Nevada Technological Crime Advisory Board. A graduate of the University of Nevada, Reno, Ipsen holds certifications as a Certified Information Security Professional, an Information System Architectural Professional and a Certified Information Security Manager.

Ross specializes in information security, systems security engineering and risk management. He leads NIST's Federal Information Security Management Act Implementation Project, which includes the development of key security standards and guidelines for the federal government and critical information infrastructure. Ross also leads the Joint Task Force, an interagency partnership with the Department of Defense, Office of the Director National Intelligence, the U.S. Intelligence Community and the Committee on National Security Systems, with responsibility for developing the Unified Information Security Framework for the federal government and its contractors. In addition to his responsibilities at NIST, Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection. Ross has lectured at many universities across the country and has received numerous private sector cybersecurity awards.

Commonly known as Spaf, Spafford is a professor of computer science at Purdue University and a leading computer security expert. He is one of the senior, most recognized leaders in the field of computing. With nearly three decades of experience as a researcher and instructor, Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy and computing curriculum design.

Wilshusen joined the GAO, the investigative arm of Congress, in 1997, and oversees its IT security investigations and audits of federal government agencies and programs. He is a frequent witness before Congressional panels, testifying on government IT security. A certified public accountant, certified internal auditor and certified information systems auditor, Wilshusen previous served as the controller for the North Carolina Department of Environment, Health and Natural Resources, and held senior auditing positions at Irving Burton Associates, a professional and technical services firm, and with the U.S. Army Audit Agency.